X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=vcore%2Fsrc%2Fvcore%2FCRLImpl.cpp;h=1912a5d812336535af0fd60c0cf8a53d33354b07;hb=3ef62a29afa645761e303dce21eaabee35907796;hp=6602e1734ebd32acca5383de9f1728e7af8170ec;hpb=b854e72692792825c7d905df13eac186e73a1d2d;p=platform%2Fcore%2Fsecurity%2Fcert-svc.git diff --git a/vcore/src/vcore/CRLImpl.cpp b/vcore/src/vcore/CRLImpl.cpp index 6602e17..1912a5d 100644 --- a/vcore/src/vcore/CRLImpl.cpp +++ b/vcore/src/vcore/CRLImpl.cpp @@ -32,7 +32,7 @@ #include #include -#include +#include #include #include #include @@ -52,10 +52,10 @@ CRL::StringList CRLImpl::getCrlUris(const CertificatePtr &argCert) { CRL::StringList result = argCert->getCrlUris(); - if (!result.empty()) { + if (!result.empty()) return result; - } - WrtLogI("No distribution points found. Getting from CA cert."); + + LogInfo("No distribution points found. Getting from CA cert."); X509_STORE_CTX *ctx = createContext(argCert); X509_OBJECT obj; @@ -66,7 +66,7 @@ CRL::StringList CRLImpl::getCrlUris(const CertificatePtr &argCert) &obj); X509_STORE_CTX_free(ctx); if (0 >= retVal) { - WrtLogE("No dedicated CA certificate available"); + LogError("No dedicated CA certificate available"); return result; } CertificatePtr caCert(new Certificate(obj.data.x509)); @@ -79,7 +79,7 @@ CRLImpl::CRLImpl(CRLCacheInterface *ptr) { Assert(m_crlCache != NULL); - WrtLogI("CRL storage initialization."); + LogInfo("CRL storage initialization."); m_store = X509_STORE_new(); if (!m_store) VcoreThrowMsg(CRLException::StorageError, @@ -99,7 +99,7 @@ CRLImpl::CRLImpl(CRLCacheInterface *ptr) VcoreThrowMsg(CRLException::StorageError, "Failed to add lookup dir for PEM files"); } - WrtLogI("CRL storage initialization complete."); + LogInfo("CRL storage initialization complete."); } CRLImpl::~CRLImpl() @@ -110,7 +110,7 @@ CRLImpl::~CRLImpl() void CRLImpl::cleanup() { - WrtLogI("Free CRL storage"); + LogInfo("Free CRL storage"); // STORE is responsible for LOOKUP release // X509_LOOKUP_free(m_lookup); X509_STORE_free(m_store); @@ -124,7 +124,7 @@ CRL::RevocationStatus CRLImpl::checkCertificate(const CertificatePtr &argCert) FOREACH(it, crlUris) { CRLDataPtr crl = getCRL(*it); if (!crl) { - WrtLogD("CRL not found for URI: %s", (*it).c_str()); + LogDebug("CRL not found for URI: " << *it); continue; } X509_CRL *crlInternal = convertToInternal(crl); @@ -138,17 +138,17 @@ CRL::RevocationStatus CRLImpl::checkCertificate(const CertificatePtr &argCert) // If nextUpdate is not set assume it is actual. retStatus.isCRLValid = true; } - WrtLogI("CRL valid: %d", retStatus.isCRLValid); + LogInfo("CRL valid: " << retStatus.isCRLValid); X509_REVOKED rev; rev.serialNumber = X509_get_serialNumber(argCert->getX509()); // sk_X509_REVOKED_find returns index if serial number is found on list retVal = sk_X509_REVOKED_find(crlInternal->crl->revoked, &rev); X509_CRL_free(crlInternal); retStatus.isRevoked = retVal != -1; - WrtLogI("CRL revoked: %d", retStatus.isRevoked); + LogInfo("CRL revoked: " << retStatus.isRevoked); if (!retStatus.isRevoked && isOutOfDate(crl)) { - WrtLogD("Certificate is not Revoked, but CRL is outOfDate."); + LogDebug("Certificate is not Revoked, but CRL is outOfDate."); continue; } @@ -171,7 +171,7 @@ CRL::RevocationStatus CRLImpl::checkCertificateChain(CertificateCollection certC const CertificateList &certList = certChain.getChain(); FOREACH(it, certList) { if (!(*it)->isRootCert()) { - WrtLogI("Certificate common name: %s", (*it)->getCommonName().c_str()); + LogInfo("Certificate common name: " << (*it)->getCommonName()); CRL::RevocationStatus certResult = checkCertificate(*it); ret.isCRLValid &= certResult.isCRLValid; ret.isRevoked |= certResult.isRevoked; @@ -191,7 +191,7 @@ CRL::RevocationStatus CRLImpl::checkCertificateChain(CertificateCollection certC VerificationStatus CRLImpl::checkEndEntity(CertificateCollection &chain) { if (!chain.sort() && !chain.empty()) { - WrtLogI("Could not find End Entity certificate. " + LogInfo("Could not find End Entity certificate. " "Collection does not form chain."); return VERIFICATION_STATUS_ERROR; } @@ -231,13 +231,13 @@ bool CRLImpl::isOutOfDate(const CRLDataPtr &crl) const { bool CRLImpl::updateList(const CertificatePtr &argCert, const CRL::UpdatePolicy updatePolicy) { - WrtLogI("Update CRL for certificate"); + LogInfo("Update CRL for certificate"); // Retrieve distribution points CRL::StringList crlUris = getCrlUris(argCert); FOREACH(it, crlUris) { // Try to get CRL from database - WrtLogI("Getting CRL for URI: %s", (*it).c_str()); + LogInfo("Getting CRL for URI: " << *it); bool downloaded = false; @@ -250,24 +250,24 @@ bool CRLImpl::updateList(const CertificatePtr &argCert, } if (!!crl && isOutOfDate(crl)) { - WrtLogD("Crl out of date - downloading."); + LogDebug("Crl out of date - downloading."); crl = downloadCRL(*it); downloaded = true; } if (!crl) { - WrtLogD("Crl not found in cache - downloading."); + LogDebug("Crl not found in cache - downloading."); crl = downloadCRL(*it); downloaded = true; } if (!crl) { - WrtLogD("Failed to obtain CRL. URL: %s", (*it).c_str()); + LogDebug("Failed to obtain CRL. URL: " << *it); continue; } if (!!crl && isOutOfDate(crl)) { - WrtLogE("CRL out of date. Broken URL: %s", (*it).c_str()); + LogError("CRL out of date. Broken URL: " << *it); } // Make X509 internal structure @@ -275,7 +275,7 @@ bool CRLImpl::updateList(const CertificatePtr &argCert, //Check if CRL is signed if (!verifyCRL(crlInternal, argCert)) { - WrtLogE("Failed to verify CRL. URI: %s", (crl->uri).c_str()); + LogError("Failed to verify CRL. URI: " << (crl->uri).c_str()); X509_CRL_free(crlInternal); return false; } @@ -320,7 +320,7 @@ bool CRLImpl::verifyCRL(X509_CRL *crl, X509_CRL_get_issuer(crl), &obj); X509_STORE_CTX_free(ctx); if (0 >= retVal) { - WrtLogE("Unknown CRL issuer certificate!"); + LogError("Unknown CRL issuer certificate!"); return false; } @@ -328,19 +328,19 @@ bool CRLImpl::verifyCRL(X509_CRL *crl, EVP_PKEY *pkey = X509_get_pubkey(obj.data.x509); X509_OBJECT_free_contents(&obj); if (!pkey) { - WrtLogE("Failed to get issuer's public key."); + LogError("Failed to get issuer's public key."); return false; } retVal = X509_CRL_verify(crl, pkey); EVP_PKEY_free(pkey); if (0 > retVal) { - WrtLogE("Failed to verify CRL."); + LogError("Failed to verify CRL."); return false; } else if (0 == retVal) { - WrtLogE("CRL is invalid"); + LogError("CRL is invalid"); return false; } - WrtLogI("CRL is valid."); + LogInfo("CRL is valid."); return true; } @@ -349,10 +349,10 @@ bool CRLImpl::isPEMFormat(const CRLDataPtr &crl) const const char *pattern = "-----BEGIN X509 CRL-----"; std::string content(crl->buffer, crl->length); if (content.find(pattern) != std::string::npos) { - WrtLogI("CRL is in PEM format."); + LogInfo("CRL is in PEM format."); return true; } - WrtLogI("CRL is in DER format."); + LogInfo("CRL is in DER format."); return false; } @@ -406,7 +406,7 @@ CRLImpl::CRLDataPtr CRLImpl::downloadCRL(const std::string &uri) &cpath, &use_ssl)) { - WrtLogW("Error in OCSP_parse_url"); + LogWarning("Error in OCSP_parse_url"); return CRLDataPtr(); } @@ -425,7 +425,7 @@ CRLImpl::CRLDataPtr CRLImpl::downloadCRL(const std::string &uri) message.setHeader("Host", host); if (SoupMessageSendSync::REQUEST_STATUS_OK != message.sendSync()) { - WrtLogW("Error in sending network request."); + LogWarning("Error in sending network request."); return CRLDataPtr(); } @@ -438,13 +438,13 @@ CRLImpl::CRLDataPtr CRLImpl::getCRL(const std::string &uri) const CRLCachedData cachedCrl; cachedCrl.distribution_point = uri; if (!(m_crlCache->getCRLResponse(&cachedCrl))) { - WrtLogI("CRL not present in database. URI: %s", uri.c_str()); + LogInfo("CRL not present in database. URI: " << uri); return CRLDataPtr(); } std::string body = cachedCrl.crl_body; - WrtLogI("CRL found in database."); + LogInfo("CRL found in database."); //TODO: remove when ORM::blob available //Encode buffer to base64 format to store in database